CVSS: 6.5EPSS: 0%CPEs: 15EXPL: 3CVE-2016-5844 – libarchive: undefined behaviour (integer overflow) in iso parser
https://notcve.org/view.php?id=CVE-2016-5844
Integer overflow in the ISO parser in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) via a crafted ISO file. Desbordamiento de entero en el analizador ISO en libarchive en versiones anteriores a 3.2.1 permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) a través de un archivo ISO manipulado. Undefined behavior (signed integer overflow) was discovered in libarchive, in the ISO parser. A crafted file could potentially cause denial of service. • http://rhn.redhat.com/errata/RHSA-2016-1844.html http://rhn.redhat.com/errata/RHSA-2016-1850.html http://www.debian.org/security/2016/dsa-3657 http://www.openwall.com/lists/oss-security/2016/06/23/6 http://www.openwall.com/lists/oss-security/2016/06/24/4 http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html http://www.securityfocus.com/bid/91808 http://www.securityt • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2015-8922 – libarchive: NULL pointer access in 7z parser
https://notcve.org/view.php?id=CVE-2015-8922
The read_CodersInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted 7z file, related to the _7z_folder struct. La función read_CodersInfo en archive_read_support_format_7zip.c en libarchive en versiones anteriores a 3.2.0 permite a atacantes remotos provocar una denegación de servicio (referencia a puntero NULL y caída) a través de un archivo 7z manipulado, relacionado con la estructura the _7z_folder. A vulnerability was found in libarchive. A specially crafted 7Z file could trigger a NULL pointer dereference, causing the application to crash. • http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00025.html http://rhn.redhat.com/errata/RHSA-2016-1844.html http://www.debian.org/security/2016/dsa-3657 http://www.openwall.com/lists/oss-security/2016/06/17/2 http://www.openwall.com/lists/oss-security/2016/06/17/5 http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html http://www.securityfocus.com/bid/91312 http://www.ubuntu.com/usn/USN-3033-1 https://blog.fuzzing-project. • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 1%CPEs: 14EXPL: 0CVE-2016-4809 – libarchive: Memory allocate error with symbolic links in cpio archives
https://notcve.org/view.php?id=CVE-2016-4809
The archive_read_format_cpio_read_header function in archive_read_support_format_cpio.c in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) via a CPIO archive with a large symlink. La función archive_read_format_cpio_read_header en archive_read_support_format_cpio.c en libarchive en versiones anteriores a 3.2.1 permite a atacantes remotos provocar denegación de servicio (caída de aplicación) a través de un archivo CPIO con un enlace simbólico grande. A vulnerability was found in libarchive. A specially crafted cpio archive containing a symbolic link to a ridiculously large target path can cause memory allocation to fail, resulting in any attempt to view or extract the archive crashing. • http://rhn.redhat.com/errata/RHSA-2016-1844.html http://rhn.redhat.com/errata/RHSA-2016-1850.html http://www.debian.org/security/2016/dsa-3657 http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html http://www.securityfocus.com/bid/91813 https://bugzilla.redhat.com/show_bug.cgi?id=1347084 https://github.com/libarchive/libarchive/commit/fd7e0c02 https://github.com/libarchive/libarchive/issues/705 https://security.gentoo.org/glsa/201701-03 https://access • CWE-20: Improper Input Validation CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.8EPSS: 0%CPEs: 26EXPL: 4CVE-2016-4997 – Linux Kernel 4.6.2 (Ubuntu 16.04.1) - 'IP6T_SO_SET_REPLACE' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2016-4997
The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE setsockopt implementations in the netfilter subsystem in the Linux kernel before 4.6.3 allow local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value that triggers an unintended decrement. Las implementaciones de compat IPT_SO_SET_REPLACE y IP6T_SO_SET_REPLACE setsockopt en el subsistema netfilter en el kernel de Linux antes de 4.6.3 permiten a los usuarios locales obtener privilegios o provocar una denegación de servicio (corrupción de memoria) aprovechando el acceso del root en el contenedor para proporcionar un valor de compensación manipulado que desencadena una disminución no intencionada. A flaw was discovered in processing setsockopt for 32 bit processes on 64 bit systems. This flaw will allow attackers to alter arbitrary kernel memory when unloading a kernel module. This action is usually restricted to root-privileged users but can also be leveraged if the kernel is compiled with CONFIG_USER_NS and CONFIG_NET_NS and the user is granted elevated privileges. • https://www.exploit-db.com/exploits/40489 https://www.exploit-db.com/exploits/40435 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ce683e5f9d045e5d67d1312a42b359cb2ab2a13c http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00060.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00061.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html http:/ • CWE-20: Improper Input Validation CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 0CVE-2016-4998 – kernel: out of bounds reads when processing IPT_SO_SET_REPLACE setsockopt
https://notcve.org/view.php?id=CVE-2016-4998
The IPT_SO_SET_REPLACE setsockopt implementation in the netfilter subsystem in the Linux kernel before 4.6 allows local users to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from kernel heap memory by leveraging in-container root access to provide a crafted offset value that leads to crossing a ruleset blob boundary. La implementación de setsockopt IPT_SO_SET_REPLACEIPT_SO_SET_REPLACE en el subsistema de netfilter en el kernel de Linux en versiones anteriores a 4.6 permite a usuarios locales provocar una denegación de servicio (lectura fuera de límites) o posiblemente obtener información sensible de la memoria dinámica del kernel aprovechando el acceso root en el contenedor para proporcionar un valor de desplazamiento manipulado que lleva a cruzar un conjunto de reglas de un límite blob. An out-of-bounds heap memory access leading to a Denial of Service, heap disclosure, or further impact was found in setsockopt(). The function call is normally restricted to root, however some processes with cap_sys_admin may also be able to trigger this flaw in privileged container environments. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6e94e0cfb0887e4013b3b930fa6ab1fe6bb6ba91 http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html http://rhn.redhat.com/errata/RHSA-2016-1847.html http://rhn.redhat.com/errata/RHSA-2016-1875.html http://rhn.redhat.com/errata/RHSA-2016-1883.html http://rhn.redhat.com/errata/RHSA-2017-0036.html http://www.debian.org/securi • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •